Hospital email hacked, and more on two-factor authentication
Welcome to Cyber Security Today. It’s Friday, October 11th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
Methodist Hospitals of Gary, Indiana has admitted that personal and medical information of as many as 68,000 individuals may have been copied by a hacker between March and July. How? Two hospital employees were suckered by an email phishing scam. Presumably they gave out their passwords, because the hospital says the hacker got into their email accounts. What these employees had in their email was patient information that included people’s names, addresses, social security numbers, driver’s licence numbers, credit or debit card numbers, dates of birth as well as medical information. In some cases there were passport numbers.
The odds of this kind of data getting out can be lowered in several ways: First, organizations whose staff handle sensitive information have to make sure all personal data is encrypted. That includes messages and files employees send to each other. If the data gets out it’s encrypted, so it’s useless. Second, the organization has to use two-factor authentication for all logins. For those who don’t know, 2FA, as it’s called, is an extra step that requires users to enter a four- or six-digit code when logging in, in addition to a username and password. The code gets sent to you by text or email. Used properly it can’t be stolen like a password. It probably would have stopped the Methodist Hospital hacker.
I’m sure I sound like a broken record on the importance of using two-factor authentication. Well, it’s not only me that talks about this. This week John Sawers, the former head of the British spy agency MI6 told a conference in London that two-factor authentication is one of the prime ways you can improve security. So, listeners, if the apps or websites you use offer 2FA, enroll in it. Microsoft Office offers it, Google and Yahoo offer it. Companies, if you don’t offer it to your users, you should. And quickly.
These podcasts are brief, so if I haven’t made two-factor authentication clear, do a web search.
During Cyber Security Awareness Month I’m passing on tips on how to stay safer online. There’s no shortage of mobile apps for smartphones, but they can be a privacy and security risk. The National Cyber Security Alliance, a business association, offers this advice: Delete apps you don’t need or no longer use. Go into your settings and look at the permissions each app wants. Say “No” to any that don’t make sense. Does a fashion app need to access your contacts? Does a texting app need to access your location? Does a game need to access your photo album? Lastly, only download apps from trusted sources.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.